{"update": {"autokarma": true, "autotime": false, "stable_karma": 6, "stable_days": 0, "unstable_karma": -2, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Updates for openssh and selinux-policy fixes issue when SELinux user \"guest_t\" can run sudo command.\n\n\n\n\n", "type": "security", "status": "unpushed", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": false, "critpath": true, "critpath_groups": null, "close_bugs": true, "date_submitted": "2016-07-27 12:06:28", "date_modified": "2016-07-27 12:18:14", "date_approved": null, "date_testing": "2016-07-28 04:05:17", "date_stable": null, "alias": "FEDORA-2016-9402100276", "test_gating_status": null, "from_tag": null, "date_pushed": "2016-07-28 04:05:17", "meets_testing_requirements": false, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2016-9402100276", "title": "openssh-7.2p2-5.fc23 selinux-policy-3.13.1-158.22.fc23", "version_hash": "b8f9e58c5b93b2e4bdbe5a36c5d6bdeb19971342", "release": {"name": "F23", "long_name": "Fedora 23", "version": "23", "id_prefix": "FEDORA", "branch": "f23", "dist_tag": "f23", "stable_tag": "f23-updates", "testing_tag": "f23-updates-testing", "candidate_tag": "f23-updates-candidate", "pending_signing_tag": "f23-signing-pending", "pending_testing_tag": "f23-updates-testing-pending", "pending_stable_tag": "f23-updates-pending", "override_tag": "f23-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "lvrabec", "email": "lvrabec@redhat.com", "id": 848, "avatar": "https://seccdn.libravatar.org/avatar/fc5620e4b2cb6ce528cc5b9c4576b4421a9c47f14eeb1e764130d848219d8048?s=24&d=retro", "openid": "lvrabec.id.stg.fedoraproject.org", "groups": [{"name": "packager"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by lvrabec. ", "timestamp": "2016-07-27 12:06:28", "update_id": 63309, "user_id": 91, "id": 463997, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has obsoleted [openssh-7.2p2-4.fc23](https://bodhi.fedoraproject.org/updates/FEDORA-2016-1136df48e5), and has inherited its bugs and notes.", "timestamp": "2016-07-27 12:06:34", "update_id": 63309, "user_id": 91, "id": 463999, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "lvrabec edited this update.", "timestamp": "2016-07-27 12:07:18", "update_id": 63309, "user_id": 91, "id": 464000, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "lvrabec edited this update.", "timestamp": "2016-07-27 12:07:39", "update_id": 63309, "user_id": 91, "id": 464001, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "lvrabec edited this update.", "timestamp": "2016-07-27 12:07:51", "update_id": 63309, "user_id": 91, "id": 464002, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "lvrabec edited this update.", "timestamp": "2016-07-27 12:18:13", "update_id": 63309, "user_id": 91, "id": 464003, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2016-07-28 04:19:26", "update_id": 63309, "user_id": 91, "id": 464377, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Nope. This fixes the problem of `guest_t` running `sudo`, but breaks the chroot:\n\nhttps://github.com/fedora-selinux/selinux-policy/commit/ca094ff25a544b684b05aece35a03e132f4c7e1c\n\nthis should go to the `sshd_t` instead.", "timestamp": "2016-08-02 06:29:54", "update_id": 63309, "user_id": 1178, "id": 466147, "bug_feedback": [{"karma": -1, "comment_id": 466147, "bug_id": 1356245, "bug": {"bug_id": 1356245, "title": "guest_t can run sudo", "security": false, "parent": false}}, {"karma": -1, "comment_id": 466147, "bug_id": 1357860, "bug": {"bug_id": 1357860, "title": "guest_t can run sudo", "security": false, "parent": false}}, {"karma": 0, "comment_id": 466147, "bug_id": 1357442, "bug": {"bug_id": 1357442, "title": "CVE-2016-6210 openssh: User enumeration via covert timing channel", "security": true, "parent": true}}, {"karma": 0, "comment_id": 466147, "bug_id": 1357443, "bug": {"bug_id": 1357443, "title": "CVE-2016-6210 openssh: User enumeration via covert timing channel [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [{"karma": 0, "comment_id": 466147, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "jjelen", "email": "jjelen@redhat.com", "id": 1178, "avatar": "https://seccdn.libravatar.org/avatar/148def0f2ca15284cb1cf58ff223f5754929b232f2f893ee8da4d0341a395ca6?s=24&d=retro", "openid": "jjelen.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "crypto-team"}]}}, {"karma": 1, "karma_critpath": 0, "text": "no regressions noted", "timestamp": "2016-08-08 00:46:54", "update_id": 63309, "user_id": 124, "id": 468030, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "filiperosset", "email": "rosset.filipe@gmail.com", "id": 124, "avatar": "https://seccdn.libravatar.org/avatar/f4394b8fb4c9a99c4b534dc724912fe75a5b87fe15048985ece8388c2441d0ca?s=24&d=retro", "openid": "filiperosset.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "trust admins"}, {"name": "signed_fpca"}, {"name": "fedora-contributor"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "ipausers"}, {"name": "fedora-br"}, {"name": "fedorabugs"}, {"name": "ambassadors"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2016-08-11 06:00:16", "update_id": 63309, "user_id": 91, "id": 469809, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing", "timestamp": "2016-08-15 04:49:59", "update_id": 63309, "user_id": 3084, "id": 471438, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "em3rson", "email": "em3rson@linuxmail.org", "id": 3084, "avatar": "https://seccdn.libravatar.org/avatar/b39d54825f949f4502d42921111341df334a354cc1061648f56537f87c947706?s=24&d=retro", "openid": "em3rson.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "wfm", "timestamp": "2016-08-23 04:07:01", "update_id": 63309, "user_id": 216, "id": 475426, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "williamjmorenor", "email": "williamjmorenor@gmail.com", "id": 216, "avatar": "https://seccdn.libravatar.org/avatar/535e21a47e44d385a87745951b4be65bcef17288f885002dceb4809f3a2d7a67?s=24&d=retro", "openid": "williamjmorenor.id.stg.fedoraproject.org", "groups": [{"name": "packager"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been unpushed.", "timestamp": "2016-09-30 17:58:37", "update_id": 63309, "user_id": 92, "id": 498037, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "ausil", "email": "dennis@ausil.us", "id": 92, "avatar": "https://seccdn.libravatar.org/avatar/3d919a6fbd80b93c77f1ddbd2484b534e2e94df434aa0cd19981e60647014952?s=24&d=retro", "openid": "ausil.id.stg.fedoraproject.org", "groups": [{"name": "provenpackager"}, {"name": "packager"}, {"name": "fedora-contributor"}, {"name": "sysadmin"}, {"name": "fedora-s390"}, {"name": "signed_fpca"}, {"name": "ipausers"}, {"name": "centosproject-email-aliases"}, {"name": "fedora-arm"}, {"name": "ambassadors"}, {"name": "sig-paas"}, {"name": "sysadmin-cvs"}, {"name": "cvsadmin"}, {"name": "fedora-ppc"}, {"name": "fedorabugs"}, {"name": "arm-qa"}, {"name": "trust admins"}, {"name": "sig-cloud"}]}}], "builds": [{"nvr": "openssh-7.2p2-5.fc23", "signed": true, "release_id": 11, "type": "rpm", "epoch": 0}, {"nvr": "selinux-policy-3.13.1-158.22.fc23", "signed": true, "release_id": 11, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1356245, "title": "guest_t can run sudo", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 464780, "bug_id": 1356245, "comment": {"karma": 1, "karma_critpath": 1, "text": "Seems OK here.", "timestamp": "2016-07-28 22:36:38", "update_id": 63303, "user_id": 198, "id": 464780, "testcase_feedback": [{"karma": 0, "comment_id": 464780, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "bojan", "email": "bojan@rexursive.com", "id": 198, "avatar": "https://seccdn.libravatar.org/avatar/adb4c3f28bd6969871988f992b1bf71e404f03e3570fbfa0fc9bd7d0bf0003f8?s=24&d=retro", "openid": "bojan.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 465681, "bug_id": 1356245, "comment": {"karma": 0, "karma_critpath": 0, "text": "SELinux is preventing ksmtuned from 'write' accesses on the directory ksm.\n\n*****  Plugin catchall (100. confidence) suggests   **************************\n\n\nAdditional Information:\n\nSource Context                system_u:system_r:ksmtuned_t:s0\n\nTarget Context                system_u:object_r:sysfs_t:s0\n\nTarget Objects                ksm [ dir ]\n\nSource                        ksmtuned\n\nSource Path                   ksmtuned\n\nPort                          <Unknown\n\nHost                          (removed)\n          \nPolicy RPM                    selinux-policy-3.13.1-191.8.fc24.noarch\n\nSelinux Enabled               True\n\nPolicy Type                   targeted\n\nEnforcing Mode                Enforcing\n\nHost Name                     (removed)\n\nPlatform                      Linux (removed) 4.7.0 #1 SMP Mon Jul 25\n                              00:18:29 EEST 2016 x86_64 x86_64\n\nAlert Count                   7\n\nFirst Seen                    2016-07-27 16:30:20 EEST\n\nLast Seen                     2016-08-01 06:56:31 EEST\n\nRaw Audit Messages\ntype=AVC msg=audit(1470023791.305:360): avc:  denied  { write } for  pid=860 comm=\"ksmtuned\" name=\"ksm\" dev=\"sysfs\" ino=658 scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0\n\n\nHash: ksmtuned,ksmtuned_t,sysfs_t,dir,write", "timestamp": "2016-08-01 10:44:21", "update_id": 63303, "user_id": 207, "id": 465681, "testcase_feedback": [{"karma": 0, "comment_id": 465681, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.stg.fedoraproject.org", "groups": []}}}, {"karma": -1, "comment_id": 466147, "bug_id": 1356245, "comment": {"karma": 0, "karma_critpath": 0, "text": "Nope. This fixes the problem of `guest_t` running `sudo`, but breaks the chroot:\n\nhttps://github.com/fedora-selinux/selinux-policy/commit/ca094ff25a544b684b05aece35a03e132f4c7e1c\n\nthis should go to the `sshd_t` instead.", "timestamp": "2016-08-02 06:29:54", "update_id": 63309, "user_id": 1178, "id": 466147, "testcase_feedback": [{"karma": 0, "comment_id": 466147, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "jjelen", "email": "jjelen@redhat.com", "id": 1178, "avatar": "https://seccdn.libravatar.org/avatar/148def0f2ca15284cb1cf58ff223f5754929b232f2f893ee8da4d0341a395ca6?s=24&d=retro", "openid": "jjelen.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "crypto-team"}]}}}]}, {"bug_id": 1357442, "title": "CVE-2016-6210 openssh: User enumeration via covert timing channel", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 461076, "bug_id": 1357442, "comment": {"karma": 1, "karma_critpath": 1, "text": "No regressions noted in everyday use.", "timestamp": "2016-07-18 22:37:50", "update_id": 62750, "user_id": 194, "id": 461076, "testcase_feedback": [{"karma": 1, "comment_id": 461076, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "dhgutteridge", "email": "dhgutteridge@hotmail.com", "id": 194, "avatar": "https://seccdn.libravatar.org/avatar/95e7a46aa03707373935111628c2b387339f570b9175d20455a53fd00acafbcb?s=24&d=retro", "openid": "dhgutteridge.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 462417, "bug_id": 1357442, "comment": {"karma": 1, "karma_critpath": 1, "text": "Works for me.", "timestamp": "2016-07-22 06:35:42", "update_id": 62752, "user_id": 225, "id": 462417, "testcase_feedback": [{"karma": 1, "comment_id": 462417, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "mildew", "email": "dkopecek@redhat.com", "id": 225, "avatar": "https://seccdn.libravatar.org/avatar/ec1735adb3d6099b955e49380a024981aa6cf1556d4573f46a2a663131240cba?s=24&d=retro", "openid": "mildew.id.stg.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 466147, "bug_id": 1357442, "comment": {"karma": 0, "karma_critpath": 0, "text": "Nope. This fixes the problem of `guest_t` running `sudo`, but breaks the chroot:\n\nhttps://github.com/fedora-selinux/selinux-policy/commit/ca094ff25a544b684b05aece35a03e132f4c7e1c\n\nthis should go to the `sshd_t` instead.", "timestamp": "2016-08-02 06:29:54", "update_id": 63309, "user_id": 1178, "id": 466147, "testcase_feedback": [{"karma": 0, "comment_id": 466147, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "jjelen", "email": "jjelen@redhat.com", "id": 1178, "avatar": "https://seccdn.libravatar.org/avatar/148def0f2ca15284cb1cf58ff223f5754929b232f2f893ee8da4d0341a395ca6?s=24&d=retro", "openid": "jjelen.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "crypto-team"}]}}}]}, {"bug_id": 1357443, "title": "CVE-2016-6210 openssh: User enumeration via covert timing channel [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 461076, "bug_id": 1357443, "comment": {"karma": 1, "karma_critpath": 1, "text": "No regressions noted in everyday use.", "timestamp": "2016-07-18 22:37:50", "update_id": 62750, "user_id": 194, "id": 461076, "testcase_feedback": [{"karma": 1, "comment_id": 461076, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "dhgutteridge", "email": "dhgutteridge@hotmail.com", "id": 194, "avatar": "https://seccdn.libravatar.org/avatar/95e7a46aa03707373935111628c2b387339f570b9175d20455a53fd00acafbcb?s=24&d=retro", "openid": "dhgutteridge.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 462417, "bug_id": 1357443, "comment": {"karma": 1, "karma_critpath": 1, "text": "Works for me.", "timestamp": "2016-07-22 06:35:42", "update_id": 62752, "user_id": 225, "id": 462417, "testcase_feedback": [{"karma": 1, "comment_id": 462417, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "mildew", "email": "dkopecek@redhat.com", "id": 225, "avatar": "https://seccdn.libravatar.org/avatar/ec1735adb3d6099b955e49380a024981aa6cf1556d4573f46a2a663131240cba?s=24&d=retro", "openid": "mildew.id.stg.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 0, "comment_id": 466147, "bug_id": 1357443, "comment": {"karma": 0, "karma_critpath": 0, "text": "Nope. This fixes the problem of `guest_t` running `sudo`, but breaks the chroot:\n\nhttps://github.com/fedora-selinux/selinux-policy/commit/ca094ff25a544b684b05aece35a03e132f4c7e1c\n\nthis should go to the `sshd_t` instead.", "timestamp": "2016-08-02 06:29:54", "update_id": 63309, "user_id": 1178, "id": 466147, "testcase_feedback": [{"karma": 0, "comment_id": 466147, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "jjelen", "email": "jjelen@redhat.com", "id": 1178, "avatar": "https://seccdn.libravatar.org/avatar/148def0f2ca15284cb1cf58ff223f5754929b232f2f893ee8da4d0341a395ca6?s=24&d=retro", "openid": "jjelen.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "crypto-team"}]}}}]}, {"bug_id": 1357860, "title": "guest_t can run sudo", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 464780, "bug_id": 1357860, "comment": {"karma": 1, "karma_critpath": 1, "text": "Seems OK here.", "timestamp": "2016-07-28 22:36:38", "update_id": 63303, "user_id": 198, "id": 464780, "testcase_feedback": [{"karma": 0, "comment_id": 464780, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "bojan", "email": "bojan@rexursive.com", "id": 198, "avatar": "https://seccdn.libravatar.org/avatar/adb4c3f28bd6969871988f992b1bf71e404f03e3570fbfa0fc9bd7d0bf0003f8?s=24&d=retro", "openid": "bojan.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 465681, "bug_id": 1357860, "comment": {"karma": 0, "karma_critpath": 0, "text": "SELinux is preventing ksmtuned from 'write' accesses on the directory ksm.\n\n*****  Plugin catchall (100. confidence) suggests   **************************\n\n\nAdditional Information:\n\nSource Context                system_u:system_r:ksmtuned_t:s0\n\nTarget Context                system_u:object_r:sysfs_t:s0\n\nTarget Objects                ksm [ dir ]\n\nSource                        ksmtuned\n\nSource Path                   ksmtuned\n\nPort                          <Unknown\n\nHost                          (removed)\n          \nPolicy RPM                    selinux-policy-3.13.1-191.8.fc24.noarch\n\nSelinux Enabled               True\n\nPolicy Type                   targeted\n\nEnforcing Mode                Enforcing\n\nHost Name                     (removed)\n\nPlatform                      Linux (removed) 4.7.0 #1 SMP Mon Jul 25\n                              00:18:29 EEST 2016 x86_64 x86_64\n\nAlert Count                   7\n\nFirst Seen                    2016-07-27 16:30:20 EEST\n\nLast Seen                     2016-08-01 06:56:31 EEST\n\nRaw Audit Messages\ntype=AVC msg=audit(1470023791.305:360): avc:  denied  { write } for  pid=860 comm=\"ksmtuned\" name=\"ksm\" dev=\"sysfs\" ino=658 scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0\n\n\nHash: ksmtuned,ksmtuned_t,sysfs_t,dir,write", "timestamp": "2016-08-01 10:44:21", "update_id": 63303, "user_id": 207, "id": 465681, "testcase_feedback": [{"karma": 0, "comment_id": 465681, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.stg.fedoraproject.org", "groups": []}}}, {"karma": -1, "comment_id": 466147, "bug_id": 1357860, "comment": {"karma": 0, "karma_critpath": 0, "text": "Nope. This fixes the problem of `guest_t` running `sudo`, but breaks the chroot:\n\nhttps://github.com/fedora-selinux/selinux-policy/commit/ca094ff25a544b684b05aece35a03e132f4c7e1c\n\nthis should go to the `sshd_t` instead.", "timestamp": "2016-08-02 06:29:54", "update_id": 63309, "user_id": 1178, "id": 466147, "testcase_feedback": [{"karma": 0, "comment_id": 466147, "testcase_id": 1, "testcase": {"name": "QA:Testcase OpenSSH", "id": 1}}], "user": {"name": "jjelen", "email": "jjelen@redhat.com", "id": 1178, "avatar": "https://seccdn.libravatar.org/avatar/148def0f2ca15284cb1cf58ff223f5754929b232f2f893ee8da4d0341a395ca6?s=24&d=retro", "openid": "jjelen.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "crypto-team"}]}}}]}], "updateid": "FEDORA-2016-9402100276", "karma": 2, "content_type": "rpm", "test_cases": [{"name": "QA:Testcase OpenSSH", "id": 1}]}, "can_edit": false, "ci_allowed": false}